Random Pop Ups problem

Hewlett-packard / Rc650aa-aba a1647c
April 10, 2010 at 22:01:15
Specs: Microsoft Windows XP Professional, 2.204 GHz / 958 MB
Both Firefox and Internet Explorer have been giving pesky pop-ups. While I only use Firefox, the pop-ups alternate browsers. Thank you for any help.


#1
April 11, 2010 at 07:31:18
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip, just copy/paste)

Save both reports to your desktop, then post them please. You may need to post in segments to get all the info to us, as the logs may be too large to fit in one post.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename mbam-setup.exe to tool.exe > click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.



#2
April 11, 2010 at 11:07:37
You say both browsers give you pop-ups; why not set up the pop-up control on them? Sounds easy enough.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#3
April 11, 2010 at 12:46:35
DDS is not responding. Even after disabling my anti virus' script blocker, all DDS does is show a black screen and then disappear.


#4
April 11, 2010 at 13:01:29
I just re-installed Malwarebytes and it seems to be removed by some malware.

Once installed and run, I get a message saying "Windows is searching for mbam.exe. To locate the file yourself, click Browse."



#5
June 11, 2010 at 09:26:38
I am getting the same type of pop-ups. Here are the results of my DDS scan.


DDS (Ver_10-03-17.01) - NTFSx86
Run by rube4052 at 11:12:28.57 on Fri 06/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3574.2464 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

D:\Program Files\lotus\notes\nslsvice.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
d:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Aruba Wireless Networks\ArubaService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\enstart.exe
D:\Program Files\Group1\CDQ Platform\server\bin\wrapper\wrapper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Group1\CDQ Platform\java\bin\java.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINNT\system32\StacSV.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\stsystra.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\Program Files\RightFax\FaxCtrl.exe
C:\WINNT\system32\igfxpers.exe
D:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\rube4052\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Group1\CDQ Platform\server\bin\g1estray.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\rube4052\Application Data\Dropbox\bin\Dropbox.exe
d:\My Documents\RCA Detective\RCADetective.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINNT\system32\cidaemon.exe
C:\Documents and Settings\rube4052\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bing.zugo.com/?cfg=2-76-0-1fS7z
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://pbwebb.ct.pb.com/pbw/pbweb/ep/usaHome.do
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - d:\program files\mypoints point finder\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - d:\program files\mypoints point finder\Toolbar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: flvnetwork: {bee0f75f-d726-e7bc-4154-fed53e532b25} - c:\winnt\system32\tsN__P_NP7MTFP.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - d:\program files\mypoints point finder\Toolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
uRun: [SmileboxTray] "c:\documents and settings\rube4052\application data\smilebox\SmileboxTray.exe"
uRun: [Infuzer] c:\program files\trondent development corp\infuzer\Infuzer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
mRun: [Cleanup] c:\winnt\pbutility\cleanup.cmd
mRun: [ATTUserConfig] c:\winnt\pbcache\attglobal680\ATTGlobal.exe /UserConfig /s
mRun: [Radia Connect] c:\progra~1\novadigm\radskman.exe cat=m,ip=usdby1-novrcp02.pbi.global.pvt,port=3464,ulogon=n,mname=Radia,dname=software,ind=n,ask=y,hreboot=y,uid=$machine,startdir=$user,context=U,userfreq=0
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [RightFAX Print-to-Fax Driver] d:\program files\rightfax\\FaxCtrl.exe
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [Persistence] c:\winnt\system32\igfxpers.exe
mRun: [HP Software Update] "d:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe Photo Downloader] "d:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\rube4052\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rube4052\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\rube4052\startm~1\programs\startup\rcadet~1.lnk - d:\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\group1~1.lnk - d:\program files\group1\cdq platform\server\bin\g1estray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\infuzer.lnk - c:\program files\trondent development corp\infuzer\Infuzer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: global.pvt\*.pbi
Trusted Zone: pb.com
Trusted Zone: pitneybowes.ca
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1230921A-10E7-44F9-A31F-DA7E811FB3A6} - hxxp://mdg1spw1/service_enu/18372/applets/SiebelAx_OutBound_mail.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www1.snapfish.com/SnapfishActivia3.cab
DPF: {519B48ED-2242-4F0F-A1F6-65B3A505972D} - hxxps://gpr.pb.com/psynch/docs/pslocalr.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132327821273
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://mdg1spw1/service_enu/18372/applets/SiebelAx_Desktop_Integration.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38132.7362962963
DPF: {C0F6B602-D21B-41E9-8B06-36B83837757D} - hxxp://mdg1spw1/service_enu/18372/applets/SiebelAx_HI_Client.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mapinfo.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rube4052\applic~1\mozilla\firefox\profiles\ecdyn0lh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-76-0-1fS7z
FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-76-0-1fS7z&q=
FF - component: c:\documents and settings\rube4052\application data\mozilla\firefox\profiles\ecdyn0lh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\xstandard\bin\NPXStandard.dll
FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{24b6caf9-f500-d196-fe7c-5b8445b2aba9}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\winnt\system32\drivers\a320raid.sys [2005-11-29 251578]
R1 enstart_;enstart_;c:\winnt\system32\enstart_.sys [2007-2-12 31616]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2007-10-16 31784]
R2 Aruba VPN Service;Aruba VPN Service;c:\program files\aruba wireless networks\ArubaService.exe [2003-10-10 73728]
R2 enstart;enstart;c:\winnt\system32\enstart.exe [2007-2-12 491520]
R2 GlobalSentryDBServer;Global Sentry Database Server;d:\program files\group1\cdq platform\server\bin\wrapper\wrapper.exe [2008-4-29 180224]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-12-21 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-10-16 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-10-16 54608]
R2 radexecd;Radia Notify Daemon;c:\program files\novadigm\radexecd.exe [2005-5-4 217268]
R2 radsched;Radia Scheduler Daemon;c:\program files\novadigm\radsched.exe [2004-8-25 245940]
R2 Radstgms;Radia MSI Redirector;c:\program files\novadigm\Radstgms.exe [2004-10-22 377012]
R3 mfeavfk;McAfee Inc.;c:\winnt\system32\drivers\mfeavfk.sys [2008-6-11 72680]
R3 mfebopk;McAfee Inc.;c:\winnt\system32\drivers\mfebopk.sys [2008-6-11 33960]
R3 mfehidk;McAfee Inc.;c:\winnt\system32\drivers\mfehidk.sys [2008-6-11 171272]
R3 RadiaMsi;RadiaMsi;c:\winnt\system32\drivers\radiamsi.sys [2004-9-10 22656]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-6 30192]
S3 GTIPCI21;GTIPCI21;c:\winnt\system32\drivers\gtipci21.sys [2006-11-3 80384]
S3 leslie;Group 1 CDQ Platform;d:\program files\group1\cdq platform\server\bin\wrapper\wrapper.exe [2008-4-29 180224]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\winnt\system32\drivers\pcx500.sys [2004-5-25 169984]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\winnt\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\winnt\system32\drivers\swumx80.sys [2008-8-20 142976]

=============== Created Last 30 ================

2010-05-31 17:12:43 120769 ----a-w- c:\winnt\system32\qugb_AgrYfV.exe
2010-05-31 17:12:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Toolbar4
2010-05-31 17:11:55 0 d-----w- c:\program files\Search Toolbar
2010-05-31 00:40:14 0 ----a-w- c:\winnt\iPlayer.INI
2010-05-31 00:39:17 0 d-----w- c:\program files\InterActual
2010-05-17 23:57:34 1646592 ----a-w- c:\winnt\system32\tsN__P_NP7MTFP.dll
2010-05-17 17:51:22 0 d-----w- c:\winnt\MVUNINST

==================== Find3M ====================

2010-06-10 14:50:58 75420 ---ha-w- c:\winnt\system32\mlfcache.dat
2010-04-08 18:20:02 91424 ----a-w- c:\winnt\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\winnt\system32\dns-sd.exe
2010-03-25 13:59:16 72080 ----a-w- c:\documents and settings\rube4052\g2mdlhlpx.exe

============= FINISH: 11:13:01.09 ===============



#6
June 11, 2010 at 10:28:09
It is a spyware or even an adware infection that causes unwanted pop-ups (advertisements/spam). To fix this, run Malwarebytes' Anti-Malware or SUPERAntiSpyware.
http://www.darfuns.com/download-sup...
http://www.techvts.com/security/dow...

Happy Virus Free Computing(.net)
Virus Removal tutorials and Softwares

